About Objects And Security; The Basics Of Dx Storage Security - Dell DX6000 Application Manual

Currently, DX Storage understands only one application-level protocol, the Simple Content Storage
Protocol (SCSP), which is a subset of the Hypertext Transfer Protocol,
servers and browsers. While it is possible that additional access protocols will be added to DX
Storage in the future, HTTP is the only protocol supported for the URI at this time.
A DX Storage cluster is addressed using either the DNS name or the IP address of one of the
nodes in the cluster. It doesn't matter which node is addressed initially, as long as it is accessible
to the application on the network. Of course, if the addressed node has failed, or is offline for some
reason, your URI might need to change. Note that it is not necessary that the node named in the
URI be the same one that actually stored the object in the first place because any node can be
asked to retrieve any object stored on any other node in the cluster.
For unnamed objects, the UUID of an object to be retrieved from a DX Storage cluster is specified
in the last component of the URI as a string of 32 case-insensitive hexadecimal digits. The length
of the UUID string must always be exactly 32 characters (any leading zeros must be included).
When storing an object for the first time, obviously there is no UUID assigned yet. Therefore, a
WRITE request in SCSP includes just the first two components of the URI. After the data has been
transferred and stored, DX Storage generates and returns a new UUID to the application.

1.8. About Objects and Security

Starting with DX Storage version 5.0, you can optionally use security with named and unnamed
objects. You can, for example, enable only users in a particular security realm to make changes to
an object and prevent any other users from changing the object. You can apply security to buckets
and to named or unnamed objects.
The following figure shows a simple example of using security.
In the example, the user Joe has access to the docs bucket where he can create named objects
and user Jim has access to the videos bucket. Neither Joe nor Jim can write named objects to any
other domain in the cluster (cloud.com).

1.8.1. The Basics of DX Storage Security

DX Storage's security model uses the standard two-part approach of:
• Authentication: DX Storage uses standard Digest Access Authentication as discussed in
2617 to create one-way cryptographic hash algorithms to obscure identity information over
the Internet while allowing a client (for example, a web browser) and the DX Storage server to
exchange enough information to consummate authentication.
DX Storage validates user names and passwords from a security realm, which is discussed in the
next section.
• Authorization: Provided a user authenticates successfully, the user's privileges are derived
from the authorization specification associated with the object the user attempts to access. The
authorization specification is discussed in the next section.
Copyright © 2010 Caringo, Inc.
All rights reserved 5
HTTP/1.1 used by web
RFC
Version 5.0
December 2010